Physically Hiding Yourself on a Large Wifi Network

Aiden
Administrator
Posts: 1080
Joined: Tue Oct 31, 2006 11:11 pm
Location: /usr/bin/perl

Physically Hiding Yourself on a Large Wifi Network

Post by Aiden » Fri Oct 23, 2009 3:28 am

A couple of friends in class the other day were talking about the ways in which network admins can magically pinpoint every device connected to their network exactly and how they'll come get you (they're a bit computer-challenged ;) ). In any case, it made me think they might have a sliver of truth in there, the fact that the admins could figure out what AP you were connected to (with traceroute, probably) and get a pretty precise idea of where you were (due to APs not having a large range).

I was wondering if there was a way to stop that. I know that wireless packets have 4 fields for addresses (original address, last address, next address, and destination address -- pretty sure) because they have to hop from AP to router to destination, etc. Lol, not quite sure what to do with that information other than that you could spoof your packets to look like they came from someone else, but if someone is trying to connect to you (and they know your IP) there's not really much you could do, as far as I know. Maybe ARP poison the APs or something? Dunno.

Ideas?
"When it takes forever to learn all the rules, no time is left for breaking them."

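The address fields mentioned in the post above, decoded in an added example that is not part of the original thread. In an 802.11 data frame the meaning of each address slot depends on the ToDS/FromDS flag bits, and the fourth slot is present only when both are set; the AP's BSSID in an ordinary client frame is what ties a station to one access point. The frames and MAC addresses below are constructed, and the input is assumed to be a bare 802.11 header with no radiotap prefix.

```python
# Added example: decode the address fields of an 802.11 data frame header.
# Roles of Address 1..4, keyed by the (ToDS, FromDS) bits of the frame control flags.
ROLES = {
    (0, 0): ("DA", "SA", "BSSID"),     # station to station (IBSS / direct)
    (0, 1): ("DA", "BSSID", "SA"),     # AP to station
    (1, 0): ("BSSID", "SA", "DA"),     # station to AP
    (1, 1): ("RA", "TA", "DA", "SA"),  # AP to AP (WDS), the only 4-address form
}
OFFSETS = (4, 10, 16, 24)  # Address 4 follows the 2-byte sequence control field


def mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def parse_addresses(frame: bytes) -> dict:
    """Return {role: mac} for a bare 802.11 data frame header."""
    if len(frame) < 24:
        raise ValueError("truncated 802.11 header")
    if (frame[0] >> 2) & 0x3 != 2:  # frame control type bits: 2 = data
        raise ValueError("not a data frame")
    to_ds, from_ds = frame[1] & 1, (frame[1] >> 1) & 1
    roles = ROLES[(to_ds, from_ds)]
    if len(roles) == 4 and len(frame) < 30:
        raise ValueError("truncated four-address header")
    return {r: mac(frame[o:o + 6]) for r, o in zip(roles, OFFSETS)}


def build(flags: int, *addrs: str) -> bytes:
    """Build a constructed data-frame header for the demo."""
    raw = [bytes.fromhex(a.replace(":", "")) for a in addrs]
    hdr = bytes([0x08, flags]) + b"\x00\x00" + b"".join(raw[:3]) + b"\x10\x00"
    return hdr + (raw[3] if len(raw) == 4 else b"")


# Constructed samples: a client frame sent up to its AP, and a WDS frame.
STA_TO_AP = build(0x01, "02:00:00:00:00:01", "02:00:00:00:00:aa", "02:00:00:00:00:fe")
WDS = build(0x03, "02:00:00:00:00:02", "02:00:00:00:00:01",
            "02:00:00:00:00:fe", "02:00:00:00:00:aa")

if __name__ == "__main__":
    print(parse_addresses(STA_TO_AP))
    print(parse_addresses(WDS))
```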
foldingstock
htd0rg lieutenant
Posts: 300
Joined: Sat Aug 16, 2008 10:38 pm

Re: Physically Hiding Yourself on a Large Wifi Network

Post by foldingstock » Fri Oct 23, 2009 5:40 am

Aiden wrote: you could spoof your packets to look like they came from someone else
Spoofing the source address in the packet would not allow the reply packet to traverse the network back to your device. Not the best idea. Also, while the source address would be spoofed, the packet would still travel a physical path from you, to the AP, and through the network. If the admin is paranoid enough (most school admins are) they may have traffic logging on and would catch this.

IceDane
Because I Can
Posts: 2652
Joined: Wed May 12, 2004 9:25 am

Re: Physically Hiding Yourself on a Large Wifi Network

Post by IceDane » Fri Oct 23, 2009 6:47 am

I have given this some thought myself when I was thinking about ARP spoofing my school's network (and I did).

I figured that the safest bet would be to spoof my MAC address. That way, they can narrow it down to a computer in the vicinity, but can't really prove it was me, or anyone else, since the MAC address is changeable. I made mine 00:00:de:ad:be:ef.

There might still be ways to eventually find your computer, but I think those would go into analyzing the packets I sent out to determine which operating system and so on I ran. But then again, they wouldn't know I was dual-booting Linux when they see that I'm just surfing in Windows were they to try to find me.

9c5
n00b
Posts: 12
Joined: Thu Aug 20, 2009 11:40 pm

Re: Physically Hiding Yourself on a Large Wifi Network

Post by 9c5 » Sat Oct 24, 2009 9:09 am

Reminds me of an incident at my University. Someone connected their laptop directly to the LAN (against policy, fairly obvious why). The lab admin burst in and came right over to the area and asked if anyone had connected to the LAN, and said they can be expelled for it.

We have access to the WiFi but only after logging in, I assume to keep track of what we are doing and cover themselves if something goes down.

psilocybin
Sargeant at Arms
Posts: 191
Joined: Tue Feb 17, 2009 5:27 am

Re: Physically Hiding Yourself on a Large Wifi Network

Post by psilocybin » Sat Oct 24, 2009 6:46 pm

Just set up a rogue AP that hooks into their network, then drop a bunch of repeaters all over their campus, you know, since you have hundreds of dollars to drop on wifi equipment.

foldingstock
htd0rg lieutenant
Posts: 300
Joined: Sat Aug 16, 2008 10:38 pm

Re: Physically Hiding Yourself on a Large Wifi Network

Post by foldingstock » Sun Oct 25, 2009 5:21 am

psilocybin wrote:Just set up a rogue AP that hooks into their network, then drop a bunch of repeaters all over their campus, you know, since you have hundreds of dollars to drop on wifi equipment.
On a school network there are usually dozens of computers that go unused (empty classrooms, libraries, etc.). It would be more cost-effective to crack the local login (trivial) and remotely log in to one of these unused machines and work from there. In the event that they traced whatever you were doing, they would trace you to that computer. Yes, they could trace you from that computer to your wireless location, but hopefully by the time they found that computer you would already be disconnected and on your way.

I did this one year to pull off an April Fools gag using ettercap to redirect all <a href... links to a specially crafted April Fools page.

module0000
n00b
Posts: 13
Joined: Fri Nov 06, 2009 3:42 am

Re: Physically Hiding Yourself on a Large Wifi Network

Post by module0000 » Thu Nov 19, 2009 6:15 pm

Not sure how seriously you are devoted to your privacy, but try the following:

1) Boot into a clean Linux with 0 open ports (no OS fingerprinting, e.g. http://nmap.org/book/osdetect.html)
2) Spoof your MAC
3) Open an ssh tunnel to a non-identifiable host (not your home PC)
4) Direct all your traffic through that tunnel

That should fly you relatively low under the radar...the only caveat I can imagine is if the admin notices an abnormally large amount of traffic to your_ssh_host.com, or whichever address you are tunneling all that data through. They could just drop packets going to that address...but no real chance of "identifying" you comes to mind.

Other last-minute notes...Don't try obvious methods like TOR, it's not difficult to see a user on your network is using TOR. While you may not know what they are looking at, you do know they are trying to hide it from you...and that will draw unwanted attention. Best if they don't even suspect someone is hiding anything.
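The caveat raised in the post above, seen from the admin's side, as an added example that is not part of the original thread: flag clients whose traffic is almost entirely one SSH destination. The flow records are constructed, and the record layout, the function name and the thresholds are assumptions to tune per network.

```python
# Added example: find clients that send nearly all of their bytes to a single
# SSH endpoint, the pattern left by tunnelling everything through one host.
from collections import defaultdict

# Constructed flow records: (client_ip, dst_ip, dst_port, bytes)
FLOWS = [
    ("10.0.5.21", "198.51.100.7", 22, 48_000_000),
    ("10.0.5.21", "198.51.100.7", 22, 61_000_000),
    ("10.0.5.21", "10.0.0.53", 53, 4_000),
    ("10.0.5.34", "203.0.113.10", 443, 30_000_000),
    ("10.0.5.34", "203.0.113.80", 443, 25_000_000),
    ("10.0.5.34", "198.51.100.9", 22, 2_000_000),
    ("10.0.5.34", "10.0.0.53", 53, 90_000),
    ("10.0.5.40", "198.51.100.7", 22, 300_000),
]


def single_tunnel_suspects(flows, min_bytes=50_000_000, min_share=0.9, port=22):
    """Return sorted (client, dst, share) where one dst:port dominates the client's bytes."""
    per_client = defaultdict(lambda: defaultdict(int))
    for client, dst, dport, nbytes in flows:
        per_client[client][(dst, dport)] += nbytes

    hits = []
    for client, dests in per_client.items():
        total = sum(dests.values())
        (dst, dport), top = max(dests.items(), key=lambda kv: kv[1])
        # Low-volume clients are skipped: a short admin SSH session is normal.
        if dport == port and total >= min_bytes and top / total >= min_share:
            hits.append((client, dst, round(top / total, 3)))
    return sorted(hits)


if __name__ == "__main__":
    for client, dst, share in single_tunnel_suspects(FLOWS):
        print(f"{client}: {share:.1%} of bytes to {dst}:22")
```

A hit is a lead for review rather than proof of misuse; long file transfers over SSH produce the same shape.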

IceDane
Because I Can
Posts: 2652
Joined: Wed May 12, 2004 9:25 am

Re: Physically Hiding Yourself on a Large Wifi Network

Post by IceDane » Fri Nov 20, 2009 9:28 am

module0000 wrote:Not sure how seriously you are devoted to your privacy, but try the following:

1) Boot into a clean Linux with 0 open ports (no OS fingerprinting, e.g. http://nmap.org/book/osdetect.html)
2) Spoof your MAC
3) Open an ssh tunnel to a non-identifiable host (not your home PC)
4) Direct all your traffic through that tunnel

That should fly you relatively low under the radar...the only caveat I can imagine is if the admin notices an abnormally large amount of traffic to your_ssh_host.com, or whichever address you are tunneling all that data through. They could just drop packets going to that address...but no real chance of "identifying" you comes to mind.

Other last-minute notes...Don't try obvious methods like TOR, it's not difficult to see a user on your network is using TOR. While you may not know what they are looking at, you do know they are trying to hide it from you...and that will draw unwanted attention. Best if they don't even suspect someone is hiding anything.
You forget that his location can still be narrowed down to the wireless router's radius. Anonymizing like that doesn't help you at all to hide yourself from the network admin.

module0000
n00b
Posts: 13
Joined: Fri Nov 06, 2009 3:42 am

Re: Physically Hiding Yourself on a Large Wifi Network

Post by module0000 » Fri Nov 20, 2009 9:45 am

IceDane wrote:You forget that his location can still be narrowed down to the wireless router's radius. Anonymizing like that doesn't help you at all to hide yourself from the network admin.
That's a good point...all the virtual security in the world won't help if you're the only one in room <x>.

Cool_Fire
Not a sandwich
Posts: 1912
Joined: Fri May 09, 2003 1:20 pm
Location: 41 6d 73 74 65 72 64 61 6d

Re: Physically Hiding Yourself on a Large Wifi Network

Post by Cool_Fire » Sun Nov 22, 2009 12:03 am

In theory it might be possible to spoof several hops, but I've never seen this done or attempted even.

*ponders a new post in the tools section*
